This listing is no longer accepting applications.

Sr. Security Engineer - Pentester

Twitter

San Francisco, CA
Full Time
Paid
  • Responsibilities

    Job Description

    WHAT YOU’LL DO:

    • Review implementation code and perform both manual and automated web application pentesting on critical products and features, identify security flaws, and suggest remediations.

    • Identify ways to chain together low to medium-severity findings into successful attack patterns.

    • Research new threats, attack vectors and risks.

    • Conduct threat modeling and security reviews, and provide and maintain security guidance to development teams.

    • Help engineers design more secure applications via design input and code review. 

    • Build tools and integrate scanners for static and dynamic analysis. 

    • Describe business impact of identified vulnerabilities to engineering and management.

    • Provide guidelines and best practices for fixing identified vulnerabilities.

    • Provide security expertise and guidance to Twitter engineering and business teams.

    • Build, automate, and operate security testing capabilities for Twitter.

    • Mentor other engineers in your areas of expertise.

    • Participate in scoping engagements and report delivery.

  • Qualifications

    YOU WILL MEET MOST (BUT NEED NOT MEET ALL) OF THE FOLLOWING POINTS:

    • Bachelor’s or advanced degree in Computer Science or a closely related field.

    • 4+ years of experience in application-level vulnerability testing and code-level security reviews.

    • Web application pentesting and red teaming experience.

    • Strong understanding of web (OWASP Top 10) or mobile application security.

    • Experience with automated testing using scripting or programming languages (Python, Java, Scala, shell, etc.).

    • Experience conducting architecture and design reviews. 

    • Experience with Burp Suite, OWASP ZAP or other proxying and scanner tools.

    • Experience communicating security issues and recommendations to both technical and non-technical audiences.

    Additional Information

    We are committed to an inclusive and diverse Twitter. Twitter is an equal opportunity employer. We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, age, disability, veteran, genetic information, marital status or any other legally protected status.

    San Francisco applicants: Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

  • Industry
    Media Production